Examples with ParsedPolicy net.sourceforge.prograde.policyparser.ParsedPolicy used on opensource projects

Example 1 with ParsedPolicy

use of net.sourceforge.prograde.policyparser.ParsedPolicy in project ddf by codice.

the class PermissionActivator method start.

@SuppressWarnings("squid:S1149")
@Override
public void start(BundleContext bundleContext) throws Exception {
    System.setProperty("/", File.separator);
    this.conditionalPermissionAdmin = getConditionalPermissionAdmin(bundleContext);
    String policyDir = SecurityActions.getSystemProperty("ddf.home") + File.separator + "security";
    if (policyDir.startsWith("=")) {
        policyDir = policyDir.substring(1);
    }
    File policyDirFile = new File(policyDir);
    List<ParsedPolicy> parsedPolicies = new ArrayList<>();
    for (File file : Objects.requireNonNull(policyDirFile.listFiles())) {
        ParsedPolicy parse = null;
        try {
            parse = new Parser(false).parse(file);
        } catch (Exception e) {
            systemExit(file);
        }
        parsedPolicies.add(parse);
    }
    ConditionalPermissionUpdate conditionalPermissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
    conditionalPermissionUpdate.getConditionalPermissionInfos().clear();
    this.priorityResult = null;
    List<ConditionalPermissionInfo> allGrantInfos = new ArrayList<>();
    List<ConditionalPermissionInfo> allDenyInfos = new ArrayList<>();
    for (ParsedPolicy parsedPolicy : parsedPolicies) {
        List<ParsedPolicyEntry> grantEntries = parsedPolicy.getGrantEntries();
        List<ParsedPolicyEntry> denyEntries = parsedPolicy.getDenyEntries();
        buildConditionalPermissionInfo(grantEntries, allGrantInfos, ConditionalPermissionInfo.ALLOW);
        buildConditionalPermissionInfo(denyEntries, allDenyInfos, ConditionalPermissionInfo.DENY);
        Priority priority = parsedPolicy.getPriority();
        if (priorityResult == null) {
            this.priorityResult = priority;
        } else if (priority != priorityResult) {
            // if they don't match, then we can't make a determination on the priority, so we'll
            // default to deny
            this.priorityResult = Priority.DENY;
        }
    }
    if (priorityResult == null && !allGrantInfos.isEmpty() && !allDenyInfos.isEmpty()) {
        this.priorityResult = Priority.GRANT;
    }
    if (priorityResult == Priority.GRANT) {
        conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allGrantInfos);
        conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allDenyInfos);
        conditionalPermissionUpdate.getConditionalPermissionInfos().add(getAllPermission(ConditionalPermissionInfo.ALLOW));
    } else if (priorityResult == Priority.DENY) {
        conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allDenyInfos);
        conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allGrantInfos);
        conditionalPermissionUpdate.getConditionalPermissionInfos().add(getAllPermission(ConditionalPermissionInfo.DENY));
    }
    conditionalPermissionUpdate.commit();
}

Example 2 with ParsedPolicy

use of net.sourceforge.prograde.policyparser.ParsedPolicy in project ddf by codice.

the class PermissionActivator method grantPermission.

public void grantPermission(String bundle, String permission) throws Exception {
    synchronized (this) {
        // use the parsed policy to make it easier to parse the permission string
        final ParsedPolicy parsedPolicy = new Parser(false).parse(new StringReader(String.format("grant codebase \"file:/%s\" { permission %s; }", bundle, permission)));
        final List<ParsedPolicyEntry> grantEntries = parsedPolicy.getGrantEntries();
        final List<ConditionalPermissionInfo> allGrantInfos = new ArrayList<>();
        final ConditionalPermissionUpdate conditionalPermissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
        buildConditionalPermissionInfo(grantEntries, allGrantInfos, ConditionalPermissionInfo.ALLOW);
        final ConditionalPermissionInfo grantInfo = allGrantInfos.get(0);
        final List<ConditionalPermissionInfo> conditionalInfos = conditionalPermissionUpdate.getConditionalPermissionInfos();
        boolean added = false;
        // brand new conditional permission
        for (final ListIterator<ConditionalPermissionInfo> i = conditionalInfos.listIterator(); i.hasNext(); ) {
            final ConditionalPermissionInfo permInfo = i.next();
            if (Objects.equals(grantInfo.getAccessDecision(), permInfo.getAccessDecision()) && Arrays.equals(grantInfo.getPermissionInfos(), permInfo.getPermissionInfos())) {
                final ConditionInfo[] conditions = permInfo.getConditionInfos();
                if ((conditions != null) && (conditions.length == 1) && BUNDLE_NAME_CONDITION.equals(conditions[0].getType())) {
                    final String[] bundles = conditions[0].getArgs();
                    final String[] newBundles = new String[bundles.length + 1];
                    System.arraycopy(bundles, 0, newBundles, 0, bundles.length);
                    newBundles[bundles.length] = bundle;
                    final ConditionalPermissionInfo newPermInfo = conditionalPermissionAdmin.newConditionalPermissionInfo(permInfo.getName(), new ConditionInfo[] { new ConditionInfo(BUNDLE_NAME_CONDITION, newBundles) }, permInfo.getPermissionInfos(), permInfo.getAccessDecision());
                    i.set(newPermInfo);
                    added = true;
                    break;
                }
            }
        }
        if (!added) {
            // if priority is to grant then insert at the top, otherwise insert before
            // the last entry which always reference an all-permission to deny
            final int index = (priorityResult == Priority.GRANT) ? 0 : conditionalInfos.size() - 1;
            conditionalInfos.add(index, grantInfo);
        }
        conditionalPermissionUpdate.commit();
    }
}